GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
36 advisories
Filter by severity
devise Time-of-check Time-of-use Race Condition vulnerability
Moderate
CVE-2019-5421
was published
for
devise
(RubyGems)
Mar 19, 2019
mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs
High
CVE-2021-30465
was published
for
github.com/opencontainers/runc
(Go)
May 25, 2021
Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem
Critical
CVE-2021-32708
was published
for
league/flysystem
(Composer)
Jun 29, 2021
Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard
Moderate
CVE-2020-8867
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Aug 2, 2021
Miner fails to get block template when a cell used as a cell dep has been destroyed.
High
GHSA-v666-6w97-pcwm
was published
for
ckb
(Rust)
Aug 25, 2021
Race condition in Apache Tomcat
High
CVE-2022-23181
was published
for
org.apache.tomcat:tomcat
(Maven)
Feb 1, 2022
Potential proxy IP restriction bypass in Kubernetes
Low
CVE-2020-8562
was published
for
k8s.io/kubernetes
(Go)
Feb 2, 2022
Insecure temporary file in Tensorflow
High
CVE-2022-23563
was published
for
tensorflow
(pip)
Feb 9, 2022
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr
Low
CVE-2017-18869
was published
for
chownr
(npm)
Feb 10, 2022
b2-sdk-python TOCTOU application key disclosure
Moderate
CVE-2022-23651
was published
for
b2sdk
(pip)
Feb 24, 2022
B2 Command Line Tool TOCTOU application key disclosure
Moderate
CVE-2022-23653
was published
for
b2
(pip)
Feb 24, 2022
Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins
Moderate
CVE-2021-21615
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
etcd vulnerable to TOCTOU of gateway endpoint authentication
Low
GHSA-h8g9-6gvh-5mrc
was published
for
go.etcd.io/etcd/v3
(Go)
Oct 6, 2022
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Low
GHSA-mc8h-8q98-g5hr
was published
for
remove_dir_all
(Rust)
Feb 24, 2023
Podman Time-of-check Time-of-use (TOCTOU) Race Condition
Moderate
CVE-2023-0778
was published
for
github.com/containers/podman/v4
(Go)
Mar 27, 2023
NuGet Client Remote Code Execution Vulnerability
High
CVE-2023-29337
was published
for
Microsoft.Build.NuGetSdkResolver
(NuGet)
Jun 14, 2023
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Low
GHSA-f2wx-xjfw-xjv6
was published
for
topgrade
(Rust)
Jul 17, 2023
FoodCoopShop Server-Side Request Forgery vulnerability
High
CVE-2023-46725
was published
for
foodcoopshop/foodcoopshop
(Composer)
Nov 2, 2023
Buildkite Elastic CI for AWS time-of-check-time-of-use race condition vulnerability
High
CVE-2023-43741
was published
for
github.com/buildkite/elastic-ci-stack-for-aws/v6
(Go)
Dec 22, 2023
Gradio apps vulnerable to timing attacks to guess password
Moderate
CVE-2024-1729
was published
for
gradio
(pip)
Feb 22, 2024
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
Moderate
CVE-2024-28718
was published
for
magnum
(pip)
Apr 12, 2024
OpenStack Storlets arbitrary code execution vulnerability
High
CVE-2024-28717
was published
for
storlets
(pip)
Apr 22, 2024
ProTip!
Advisories are also available from the
GraphQL API